About m.rce

  1. Hello, I've found a query (in PHP) I can inject into, as it is of the form "select xyz where myparam=inject". However, the query result is only compared in a yes/no fashion, so I have no real way to make it 'produce' a visible output. Since PHP allows no query concatenation via ';', is there a known way I could exploit this code weakness? Regards.
  2. OK, I have BT4. * I currently use w3af for web scanning; eventually I can pair it with nmap for more hardcore scanning. What other tools should I use for vulnerability research? * I use Metasploit for crafting exploits; CANVAS costs $1K (!). Is CANVAS good? What other exploit platform could I use apart from Metasploit? * I have a bunch of SQL injection tools; which one do you prefer/suggest? Unfortunately, it seems SQLi is the king of exploitation today... * Is it possible to chain proxies using JAP or Tor, that is, adding extra jumps to harden against backtracing? Regards.
  3. It was posted a while ago on exetools, http://www.stoned-vienna.com/. It's only for x86, though, and requires some serious knowledge of the subject involved. Better you grab a Microsoft® Windows® Internals book and study it first...
  4. Hi all! First of all, I'd like to know from some competent guy if my hacking platform is OK: I'm using JAP. Is JAP good enough? How would you rate JAP for ...privacy? Next, my questions: I am trying to use the WordPress 3.0.1 hack at http://www.exploit-db.com/exploits/15684/ (should be http://www.cvedetails.com/cve/CVE-2010-4257/). While fuzzing the page I am interested in, I noticed I could get some 'blind' SQL injections over the comments field (I got a 500 internal error, which should happen only IFF the field value breaks the query in the script, no?). Now, I do not understand how to use http://www.exploit-db.com/exploits/15684/: it says "Exploitation. The logged in user must have publish_posts and edit_published_posts capabilities (this corresponds to the Author role)". What's the point of exploiting something if I have the Author role? I mean, if I am the blog's Author, WTF. *OR* does it mean that I leave a comment AND when the blog's author VIEWS it the exploit triggers? Is anybody capable of explaining to me how to use it? Next part: malicious PDF/SWF with Metasploit. I examined the module creator, and I have a question: is it possible to 'edit' the generated PDF in order to add content of some kind? As it turns out, the created PDF/SWF is rather... empty. I have examined the possibility of creating a PDF manually and embedding it outside of Metasploit, but I do not know the exploit string well/how to generate it, so I've learned how to create a PDF (manually, not with a printer filter) but... I don't know the exploit string to embed. Thanks in advance.